Well, the biggest problems i have with creating an algoritm and perl language as well.

Maybe i'll write about what i need to parse. Basically i would like to parse tcpdump output (pcap file) with perl using following modules: Net::TcpDumpLog; NetPacket::Ethernet; NetPacket::IP; NetPacket::TCP;

As you can see above, both first lines store information about one connection. Let's say that 10.197.191.250 is the server and other addresses are clients. So 10.197.191.250 received 778663 bytes from 10.197.191.50, and 10.197.191.50 received 739008 bytes from 10.197.191.250.

HAving this in mind I would like this output in the format: SESSION REC SENT TOTAL 10.197.191.250:445 <-> 10.197.191.250 778663 739008 1517671 (...)

So, i need to count and place information about one particular connection in one line.

I've modified code from the above link to the following: ============== EDIT================

That code has a lot of problems and if you were using the strict pragma, as you always should be doing, your script won't even compile.

You should not be using prototypes in your subs and the proto definition for the checkArray() sub is not a valid definition and is one of the things which would prevent the script from compiling.

Don't use the & when calling subs unless you know about and need its side effect, which is almost never.

You're doing nested looping over the %sum hash, which is very wasteful.

With one exception, the first argument to the split function is a regex pattern, not a string. The function has been designed to accommodate using a string, primarily for its one exception, but it's poor practice to use a string outside of that exception.

I can list about a dozen more issues, but your starting point should be to add the warnings and strict pragmas and fix the problems that they point out.

Ok, let's back to the begining. I've modified earlier post because i though my script worked (i guess it worked for a while because i had proper results. However i've changed something and it's not working anymore ;))

Ok, so here it goes, code which i placed here before:

Code

#!/usr/bin/perl use NetPacket::Ethernet; use NetPacket::IP; use NetPacket::TCP; use Net::TcpDumpLog; use strict; use warnings;

Script compiles successfully, and i got proper results. However the results are doubled. The reason is clear for me. How to ignore doubled values there? Some checkArray sub which checks other array with values stored before, ID in the hash list? Hash of the hash list? How to do that and place in script?

As would be expected, the pcap shows that each connection has more than just a single value from each direction; some of them have a lot more. It would not make sense to me to list all of those values in the ouput. Maybe just the total.

Here's new script, which still needs some tweaking, but does most of what you need.

Code

#!/usr/bin/perl

use 5.10.0; use strict; use warnings; use NetPacket::Ethernet; use NetPacket::IP; use NetPacket::TCP; use Net::TcpDumpLog; use List::Util qw(sum);